From the April 2012 issue of Claims Magazine • Subscribe!

Corporate Identity Theft

Minimize Risk of Reputational, Financial Harm

Corporate personhood is the notion that corporations have rights and responsibilities similar to those of an individual person. It follows that if a corporation has the same rights and responsibilities as a person, it can also have an identity and thus be the victim of identity theft.

National Public Radio (NPR) recently reported on the growing trend of business identity theft in which perpetrators pose as legitimate businesses to steal customers or to gain access to the business or to customers’ financial information.

The NPR story focused on the owner of a pest control business who opened the Yellow Pages to find three other listings with the same company name, none of which were affiliated with him. While he had no way of knowing for sure, he assumed customers were calling the impostors thinking it was, in fact, his business. He worried that impostors would either harm his company’s reputation by providing inferior services or use his name to acquire customer information.

Other tactics identity thieves may use include establishing lines of credit under the business’s name or resurrecting defunct businesses without the original business owners’ knowledge and taking out loans and lines of credit.

Standard commercial property and liability insurance covering tangible property generally does not adequately address cyber risks, such as corporate identity theft. Coverage can be obtained for some exposures under a cyber liability policy. These policies contain coverage for losses such as privacy notification expenses—the cost to notify customers of security breaches that have left their financial information exposed—e-business interruption, e-theft, and e-vandalism.

Cyber Liability Programs
The policies can usually be underwritten on either a package or a stand-alone basis, depending on the company’s size. Stand-alone programs for larger risks are available on a modular or menu-driven framework and are generally tailored to the company’s specific exposures. Cyber liability programs normally cover both first-party and third-party liability, including errors and omissions.

Coverage for security breaches and identity theft can vary considerably from one company’s Internet liability form to the next. Many provide no coverage or only partial coverage in their base forms for what is often referred to as unauthorized access, unauthorized use, and associated coverages. It is often recommended by cyber risk experts that a policy specifically state that it covers identity theft and/or credit card fraud or that the policy at least grants coverage for negligence generally in the performance of insured services and not contain any applicable exclusion.

While insurance is one way to manage the risk of corporate identity theft, it obviously does not come into play until the damage is done. It may be a long time before the identity theft is discovered, and the company’s reputation could already be in jeopardy at that point. The best practice is to take steps to avoid or minimize the risk. Some areas businesses should consider when framing an anti-identity-theft plan include the following:

  • Protect personal information. Most companies maintain some sort of files containing personal information, be it credit card numbers, patients’ medical histories, or employees’ or job applicants’ Social Security numbers. This information may be received via Web sites,  email, and call centers as well as in person. This information can be stored in a variety of computers, flash drives, filing cabinets, copiers, or mobile devices. Steps must be taken to secure personal information, either physically behind lock and key or electronically using network security measures. Employee training on the proper way to handle, store, and dispose of this type of information is also vital. 
  • Protect business records. In addition to hacking into company networks and using other high-tech methods, identity thieves continue to use low-tech methods such as intercepting mail, stealing trash, or physically taking documents. Companies should evaluate what records are needed to maintain the business, inventory those records, and use electronic statements to limit the amount of mail containing company information. The company should never share financial details or documents through email.
  • Monitor credit and other activity. Businesses should check credit reports on a regular basis and be on the lookout for unexpected charges or bills. 

The Federal Trade Commission’s Web site (business.ftc.gov) provides many tools businesses can use to formulate a plan and to protect themselves and their customers from identity thieves.

While companies may rely on insurance to address some of the losses resulting from corporate identity theft, by taking measures to minimize the risk, a business may avoid damage to its credit history and reputation.

 
Page 1 of 3
Comments

Resource Center

View All »

Contractors General Liability Coverage 102

What is a prior work exclusion? Which option is right for my client? Why do...

Sign up today to get a 50% matching credit -...

Insurance marketing sometimes seems like it's a game of swings and misses, but we're here...

Guide: 5 Steps to Selling Cyber

Cyber risk and data security is on the agenda of every business owner and executive....

Citation Correlation

Do rigger and signalperson qualifications correlate with the cause of crane and rigging accidents? ...

Complete Guide to Electronic Signatures in Property & Casualty Insurance...

In property and casualty insurance, closing new business quickly is key. Learn how to leverage...

INSTANT ACCESS: Complimentary Sales Closer Questionnaires

Help property owners or managers compare your commercial residential property insurance coverage vs. the competition....

Determining Vacant Property Perils and Valuations

Are your clients fully covered for Vacant Properties? In this economic climate, your insureds may...

Risk Management for Law Firms

This package of 3 concise risk management articles offers straightforward content and practical suggestions law...

Guide: Top 15 E&O Risks-And How To Avoid Them

Accidents happen. But when it's an errors and omissions oversight, that accident can open your...

We'll Show You How to Reach Your Sales Goals

Whether you work alone or have a team of agents working for you, we can...

Risk Management Report eNewsletter

Identify problems involving emerging risks, reinsurance, and business interruption with help from Risk Management Report - FREE. Sign Up Now!

Advertisement. Closing in 15 seconds.